This virus steals your bank details on your smartphone

By monitoring the dark web, the cybersecurity company ThreatFabric discovered the existence of a new banking trojan named Octo. Specific to Android, it is a new, more advanced version of the Trojan horse ExobotCompact.D, itself an evolution of the Exobot malware first discovered in 2016.

Like most banking malware, Octo can record keystrokes to capture passwords and credit card numbers. It also targets specific applications, banking apps in particular, where it displays a fake page over the application that asks the victim to log in. The malware also integrates functions to intercept and send SMS, block notifications from specific apps, or even receive commands from a server.

The author can control the smartphone in real time.

However, the main novelty is that the author can now operate the victim's smartphone. Instead of simply stealing the data and using it later, the author can perform operations directly on the infected device, which reduces the risk of detection. Actions coming from the victim's usual device and IP address are less likely to be flagged as suspicious by the target bank or app.

Octo relies on Android's Accessibility Service to perform remote actions (click, scroll, paste text…), and on the MediaProjection function to display the screen at a rate of one screenshot per second. The author could even create a script to run these actions automatically based on the application, without having to interact directly with the infected device. The Trojan can also display a black screen to hide its actions, silence all notifications and reduce the brightness to the minimum.

Fake apps on the Play Store

The Trojan was distributed via fake apps directly on Google's Play Store, which have been downloaded more than 50,000 times. These apps do not contain the malware itself but a module (dropper) that installs it, in order to bypass Play Store security. To trick victims into installing one of these applications, the author used fake pages on infected sites asking them to download a browser update. One of the applications flagged, and since removed, is Fast Cleaner, which was also used to install the banking malware Xenomorph. Other scam apps are:

  • Pocket Screen Maker (com.moh.screen)
  • Game Store (com.restthe71)
  • Post Bank Security (com.carbuildz)
  • Pocket Screen Maker (com.cutthousandjs)
  • BAWAG PSK Security (com.frontwonder2)
  • Installing the Play Store app (com.theseeye5)

This type of malware shows the limits of two-factor authentication, as it has access to the accounts on the smartphone and can intercept any messages received. The victim is not even aware of the problem, as the screen seems to stay off. The only defense is to pay close attention to installed applications.
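
One way to act on that advice, as an added example that is not part of the original article: the script below checks a device's package list (the output of `adb shell pm list packages`) against the package IDs listed above and flags any app holding an enabled accessibility service, the Android feature Octo depends on. The `TRUSTED_A11Y` allowlist, the `com.example.notes` package and the sample outputs are assumptions constructed for illustration.

```python
"""Audit Android package output for the dropper IDs named in the article
and for apps holding an enabled accessibility service."""
import subprocess

# Package IDs listed in the article (it gives no ID for Fast Cleaner).
ARTICLE_PACKAGES = {
    "com.moh.screen", "com.restthe71", "com.carbuildz",
    "com.cutthousandjs", "com.frontwonder2", "com.theseeye5",
}
# Assumption: accessibility services the owner knowingly enabled.
TRUSTED_A11Y = {"com.google.android.marvin.talkback"}


def parse_packages(pm_output):
    """Parse `pm list packages` output: one 'package:<id>' per line."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}


def parse_a11y(setting):
    """Parse enabled_accessibility_services: 'pkg/Class:pkg2/Class2' or 'null'."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}


def audit(pm_output, a11y_setting):
    """Return known dropper IDs present and packages with unexpected a11y access."""
    installed = parse_packages(pm_output)
    return {
        "known_droppers": sorted(installed & ARTICLE_PACKAGES),
        "untrusted_accessibility": sorted(parse_a11y(a11y_setting) - TRUSTED_A11Y),
    }


def adb(*args):
    """Run a command on the connected device; requires adb and USB debugging."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    # Constructed sample data. On a real device use adb("pm", "list", "packages")
    # and adb("settings", "get", "secure", "enabled_accessibility_services").
    sample_pm = "package:com.android.chrome\npackage:com.carbuildz\n"
    sample_a11y = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.notes/.HelperService")
    print(audit(sample_pm, sample_a11y))
```

The dropper IDs only cover the apps named here; the accessibility check is the broader signal, because the installed payload's own package name is not given in the article.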
